Personal Nix flake
nixos home-manager nix
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

feat: Experimental native docker-lock

Makes use of the native `docker compose config --lock-image-digests`
command to generate an override file, merging with an existing one if so
desired

+30
+1
nix/apps/default.nix
··· 2 2 imports = [ 3 3 ./assets.nix 4 4 ./ci.nix 5 + ./docker-lock.nix 5 6 ]; 6 7 }
+29
nix/apps/docker-lock.nix
··· 1 + { 2 + perSystem = {pkgs, ...}: { 3 + apps.docker-lock = { 4 + meta.description = "Extracts digests from docker containers"; 5 + program = 6 + pkgs.writeNuScriptStdinBin "docker-lock" 7 + # nu 8 + '' 9 + # Generates composer.override.yaml based on running containers 10 + # 11 + # As seen on https://github.com/docker/compose/issues/12836#issuecomment-2887147815 12 + def main [ 13 + output: path = ./composer.override.yaml # Override file to create/update 14 + --update-existing = true # Merge the generated digests with the existing file 15 + ]: nothing -> nothing { 16 + sudo docker compose config --lock-image-digests 17 + | from yaml 18 + | if ($update_existing and ($output | path exists)) { 19 + open $output --raw 20 + | from yaml 21 + | deep merge $in 22 + } else { $in } 23 + | to yaml 24 + | save --force $output 25 + } 26 + ''; 27 + }; 28 + }; 29 + }